Preview for desktop, Android and iPhone – Your post will likely appear on Facebook native mobile apps, so better know how your post will be displayed on these platforms.

Pixel precise preview – The editor is using the same fonts and styles as Facebook clients. It also replicates their policy regarding title/description cropping. So you know what your visitors friends will see (or not).

Edit the image – You can zoom in/out and move the image. So you are in control of the post appearance.

Choose between the various formats – Did you know Facebook can display you posts with a square image? A tall image?

The results

65% of the top sites have no Open Graph image. As simple as this. You could expect such sites to be at the bottom of the list, but actually even the first ones lack of it:

Wikipedia – No Facebook Open Graph imageLinkedIn – No Facebook Open Graph imageReddit – No Facebook Open Graph image

What about the remaining 35%? Well, 8% don’t match Facebook ratio requirements. For example, Vimeo is using an image which is roughly 5:3.

Vimeo Open Graph image

Facebook expects 19.1:10, so it crops 13% of it to make it fit its news feed:

Vimeo Open Graph image cropped by FacebookVimeo on Facebook

Some other sites have the ratio right, but the images are too big. This is not documented anywhere, but when Facebook gets a small square picture, it displays it as is in the news feed. But when the image is big, Facebook processes it as a wide image. 7% of the top sites fall in this trap. Among them, YouTube (the 2nd most visited web site in the world) and Amazon:

Conclusion

That leaves us with only 20% of sites that:

Have an Open Graph image for Facebook

Have a ratio Facebook knows

Have the image displayed as is and not cropped by Facebook

Suffice it to say that this result is rather poor.

In one hand, one could think that YouTube homepage sharing is not that important. After all, what is heavily shared across Facebook are YouTube videos (and this part is done right). In the other hand, we need to consider that someone at YouTube created an image for the second most visited website in the world, and this image is not that great. And 80% of the top sites are more or less in this situation.

If you use Facebook, you must be used to this kind of thing in your news feed:

Someone (a friend maybe) shared some content and here you are with a title, a description, a link to click. And an image. This image is important because it has the power to grab the attention and generate visits.

This image is usually provided by the shared page, via specific HTML markups. Facebook sticks to the Open Graph specifications and adds a few more requirements, for example regarding the image dimensions.

For many sites, like blogs, the Open Graph image should be a classic, along with the page title and description. Facebook is often of critical importance to generate traffic. Is the Open Graph image correctly created?

An issue (among others)

To answer this question, let’s focus on a particular point. Facebook displays 19.1:10 images in its news feed (eg. 1200×630, because 1200/630=1.905; close enough). When it finds an image of another ratio, it automatically crops it to turn it to 19.1:10.

For example, let’s consider this 540×619 image:

When the related page is posted to Facebook, the image becomes:

It is easy to understand how Facebook proceeds. It simply crops the image as much as necessary to make it 19.1:10. To do so, it normally removes the same amount of border on each side to keep the center of the image:

Now the deal is clear: if you don’t provide a 19.1:10 image to Facebook, it will be cropped automatically. Which can be okay or plain wrong, depending on the image. Take this NCB News article about Macy’s. Its Open Graph image is:

We can clearly see the name “Macy’s” and the showcase, so this is probably a good photo to illustrate the article. However, when shared on Facebook, the outcome is rather poor:

“Macy’s” was entirely stripped and the photo is now quite dark.

Open Graph image in the wild

To investigate how the Open Graph images are prepared, 40 sites were selected, 10 in each of the following categories:

News sites (Yahoo News, CNN, etc.): They are high traffic sites everyone know. Facebook can be a major source of traffic for these sites, so they are likely to pay attention to the Open Graph images.

Tech blogs (TechCrunch, Mashable…): Same as news sites, plus they are tech-related. Can’t be wrong!

Blogs about WordPress (WPTavern, wplift…): As WordPress-related blogs, they must know about the right tools to have everything right, including Open Graph images.

Social Media blogs (Buffer blog…): Because social media is their core business, they must be especially careful with Facebook-related material.

Results (**drum roll**)

And now, the shocking truth: out of these 40 sites, only 3 are doing it right. Hat off to TechCrunch, Mashable and the New York Times. The later must have a dedicated tool or process for this, because its Open Graph images not only have the right dimensions, they are also cropped manually. I have no strong opinion about TechCrunch and Mashable but I suspect them to auto-crop the images, making the process less relevant: the goal is to do it manually in order to achieve the best result. Not to leave this to an automated tool.

What about the other sites?

Out of 40 sites, only one does not have any image (ITBusinessEdge). All the others come with an og:image markup. This is the sign that web site editors have plans for the Facebook metadata.

However, things are not that crisp when going into the details: 36 sites do not follow Facebook requirements and are exposed to auto-crop.

The next question is “how much?”. After all, removing a single row of pixels cannot hurt. On average, 13% of the surface of the analyzed images is cropped. This is significant, especially from high traffic and/or specialized sites.

Some sites seem to have no particular policy regarding Open Graph image dimensions. For example, on WPTavern, out of 10 posts, the average cropped surface is 18%, with a standard deviation of 14% (and a maximum of 41%). I suspect this is because the featured image (a term WordPress users should be familiar with) is used as the Open Graph image as is. This pattern must be encountered very often.

Some other sites apparently have a “fixed dimensions” policy, but ones that are not accurate. Both CNN and NBC News always expose the same image size. CNN has a systematic 7% of cropped surface, 21% for NBC News. The sad winner is HowToGeek with 43%. The Open Graph images are actually so small that Facebook ignores them and rather picks images right from the shared pages.

Conclusion

This small study shows how sites handle Facebook sharing: they support Facebook, but they do not support it well. This is the purpose of the new RealFaviconGenerator Facebook metadata editor: do it, and do it perfectly.

And for those who know what RealFaviconGenerator is in the first place, you probably recognize the pattern: a few years ago, favicon generation was very poorly addressed. But folks were used to it. Once RealFaviconGenerator came in with the favicon editor the community deserved, the expectations started to change and nowadays everybody want “all the icons”. And the smarter among them use RealFaviconGenerator 🙂

Methodology

The tested sites were obtained by googling something like “most popular news sites” and picking the first sensible list. In the end, the tested sites are not guaranteed to be the most relevant, but the outcome should be good enough.

Then, for each tested site, a sample post was randomly picked (eg. a news site headline article, a WordPress blog latest post, etc.).

The new MacBook Pro comes with a Touch Bar. This touch-screen-as-a-keyboard element is programmable and all macOS applications are expected to provide some contextual content. Safari is no exception. What does it display and how is your web site impacted?

Long story short: Safari is reusing the mask icon, specified a year ago by Apple while releasing macOS X El Capitan. Basically, if you have created your favicon with RealFaviconGenerator less than a year ago, your web site already has an icon to fit the Touch Bar.

The new Touch Bar preview

From day one, RealFaviconGenerator has aimed at providing a preview for all platforms, so you know in a blink how your favicon looks like everywhere. This is the update for the Touch Bar:

Why it matters

One could say the Touch Bar preview is no more than a nice to have. After all, as soon as you know how the icon is rendered as a pinned tab site, you get a good idea of how it should fit the Touch Bar. Well, this is not that simple.

The pinned tabs area background is light grey and Safari uses the color provided with the icon to fill the icon itself. The Touch Bar behaves differently, with dark contours, white icon and the color used as the icon background. Consequence: a dark color, which would have been a sensible choice a few months ago, is now doubtful when applied to the Touch Bar. In the example below, the Touch Bar icon is too dark and will not fit along with the more colorful icons:

Alpha feature

Oh, this is an alpha feature. The MacBook Pro with Touch Bar is not available yet even for a demo, as confirmed yesterday when I visited the Apple Store of Opera, Paris, France.

So how do you implement this kind of feature when you can’t even know for sure how it looks like on the final device? Clues and guesswork. For example, take this unboxing video on YouTube:

We can clearly see how icons are displayed. Plus they reflect their Pinned Tabs counterparts. Except for one icon: eBay. The icon is not monochromatic in the Touch Bar, which is normally not possible with the mask icon (the monochromatic SVG icon specified by Apple and used for pinned tabs). At this point, it is hard to know how Safari behaves. Apparently, it embeds predefined icons for well known sites such as Facebook and YouTube (a browser’s classic to introduce a proprietary web site presentation, in bookmarks for example). This make the underlying mechanism biased and less reverse-engineerable.

The feature will be updated as soon as possible to reflect the real appearance of the icon in the Touch Bar. Hopefully, that will only mean removing the “(alpha feature)” caption.

Five days ago, Kacper Szurek sent me an email to warn me about a security issue in the WordPress plugin. It was fixed a few minutes ago. Please update to v1.2.13.

How dangerous this breach was? It would allow an attacker to trick the authenticated administrator of a WordPress site to download and install a faked favicon package. Because the package contains HTML code to be added to the header of each page, this attack could basically lead to code injection. Such attack would be quite sophisticated: the attacker needs to target a blog, contact its administrator and trick him to make him click on a forged URL.

Alright. Favicon is not the most sensible topic around. Plus this icon is expected to be published and viewed by as much visitors as possible.

Or not. Maybe you’re doing some experiments with RealFaviconGenerator. Maybe you work on a secret project and you don’t want anyone to know before the D day. In any case, you need privacy. Now RealFaviconGenerator supports SSL.

The story of this new feature is a bit particular. It all started with a support request for the WordPress plugin. Apparently some plugins, such as the CloudFlare Flexible SSL plugin, rewrite the URLs to always keep the WordPress admin in the safe SSL world, even when he leaves his dashboard. And since RealFaviconGenerator didn’t support SSL until now, it was either CloudFlare or RFG.

Adding SSL support way the best way to fix this. Plus everybody expect SSL nowadays, including me. So here it is.

But something else happened. A few days ago, the press revealed that the NSA has stolen thousands of SIM keys in order to spy mobile phone conversations. To do this, the NSA hacked Gemalto, a company where I used to work (strictly speaking I was part of Trusted Logic, acquired by Gemalto a few years ago). I was working on SIM cards and even if I didn’t see a single real life SIM key, this event has a special meaning to me.

So now SSL is on and the timing is perfect. Your favicons are safe. This won’t make you sleep better, but at least this small issue is fixed.

iOS lets you define a startup image. When your visitors add your web site to their home screen, this image is displayed for a short time when the home screen link is clicked.

Now you can create this image with the help of the non-interactive API. Well, “this image” actually means “these 7 images”. And the HTML code is not trivial. Definitely not something you want to deal with a few hours before the release of your next web project.